I was expecting an incoming e-mail from PayPal but noticed these errors
in my syslog when it tried to deliver it:

Jan 26 01:11:28 isolar courieresmtpd: [ID 702911 mail.info] started,ip=[::ffff:173.0.84.227]
Jan 26 01:11:28 isolar courieresmtpd: [ID 952582 mail.error] courieresmtpd: STARTTLS failed: couriertls: connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Jan 26 01:11:38 isolar courieresmtpd: [ID 702911 mail.info] started,ip=[::ffff:66.211.168.231]
Jan 26 01:11:39 isolar courieresmtpd: [ID 952582 mail.error] courieresmtpd: STARTTLS failed: couriertls: connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Jan 26 01:31:28 isolar courieresmtpd: [ID 702911 mail.info] started,ip=[::ffff:173.0.84.228]
Jan 26 01:31:29 isolar courieresmtpd: [ID 952582 mail.error] courieresmtpd: STARTTLS failed: couriertls: connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Jan 26 01:31:39 isolar courieresmtpd: [ID 702911 mail.info] started,ip=[::ffff:66.211.168.231]
Jan 26 01:31:39 isolar courieresmtpd: [ID 952582 mail.error] courieresmtpd: STARTTLS failed: couriertls: connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

A Google search showed an old thread on here where Sam responded, saying
to set TLS_PROTOCOL to "TLS1" in both "esmtpd" and "esmtpd-ssl".  But
that's what I've already got mine set to:

isolar:1:1100 [/opt/courier/etc] # grep ^TLS_P esmtpd esmtpd-ssl
esmtpd:TLS_PROTOCOL=TLS1
esmtpd-ssl:TLS_PROTOCOL=TLS1

So what do I do?  Is there some trickery I can put into smtpaccess/default
to make them not try to do STARTTLS or something?  Or some other file?

I already have some entries for PayPal in there:

isolar:1:1107 [/opt/courier/etc] # egrep PayPal\|173.0.84\|66.211.168 smtpaccess/default
# PayPal has their machines crossed
66.211.168.231  allow,RELAYCLIENT,BOFHCHECKDNS=0,BOFHCHECKHELO=0
173.0.84.225    allow,RELAYCLIENT,BOFHCHECKDNS=0,BOFHCHECKHELO=0
173.0.84.226    allow,RELAYCLIENT,BOFHCHECKDNS=0,BOFHCHECKHELO=0
173.0.84.227    allow,RELAYCLIENT,BOFHCHECKDNS=0,BOFHCHECKHELO=0
173.0.84.228    allow,RELAYCLIENT,BOFHCHECKDNS=0,BOFHCHECKHELO=0

I don't want to switch back to TLS_PROTOCOL=SSL23 just to suit PayPal ...

        - Greg
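
To see which peers fail STARTTLS and how often, syslog lines of the shape quoted above can be tallied per client address. This is an added example, not part of the original post: the sample lines are constructed, and pairing each failure with the preceding "started,ip=" line is an assumption, since these entries carry no PID.

```python
import re
from collections import Counter

# Constructed sample lines in the same shape as the syslog excerpt above
# (documentation-range addresses, not the ones from the post).
SAMPLE_LOG = """\
Jan 26 01:11:28 mx courieresmtpd: [ID 702911 mail.info] started,ip=[::ffff:192.0.2.10]
Jan 26 01:11:28 mx courieresmtpd: [ID 952582 mail.error] courieresmtpd: STARTTLS failed: couriertls: connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Jan 26 01:12:02 mx courieresmtpd: [ID 702911 mail.info] started,ip=[::ffff:198.51.100.7]
Jan 26 01:31:28 mx courieresmtpd: [ID 702911 mail.info] started,ip=[::ffff:192.0.2.10]
Jan 26 01:31:29 mx courieresmtpd: [ID 952582 mail.error] courieresmtpd: STARTTLS failed: couriertls: connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
"""

# Client address, with the IPv4-mapped "::ffff:" prefix stripped if present.
STARTED = re.compile(r"courieresmtpd: .*started,ip=\[(?:::ffff:)?([^\]]+)\]")
# Last colon-separated field of the OpenSSL error string is the reason text.
FAILED = re.compile(r"STARTTLS failed: .*error:[0-9A-Fa-f]+:.*:([^:]+)$")


def starttls_failures(log_text):
    """Count STARTTLS failures per (peer IP, OpenSSL reason).

    Assumption: each failure belongs to the most recent "started,ip=" line.
    On a busy server with overlapping connections this can misattribute.
    """
    counts = Counter()
    last_ip = None
    for line in log_text.splitlines():
        m = STARTED.search(line)
        if m:
            last_ip = m.group(1)
            continue
        m = FAILED.search(line)
        if m:
            counts[(last_ip or "unknown", m.group(1).strip())] += 1
            last_ip = None  # attribute at most one failure per connection
    return counts


if __name__ == "__main__":
    for (ip, reason), n in starttls_failures(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {ip:<16} {reason}")
```

Log lines that were wrapped in transit must be rejoined into single lines before parsing.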


_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
